CVE-2011-4190

Name of the Vulnerable Software and Affected Versions kdump versions prior to 2012-01-20

Description The issue is related to the missing host key verification in the kdump and mkdumprd OpenSSH integration of kdump. This could allow a remote malicious kdump server to impersonate the correct kdump server, potentially obtaining security-sensitive information, such as kdump core files.

Recommendations For versions prior to 2012-01-20, update to a version that includes the fix for this issue to ensure host key verification is properly implemented. As a temporary workaround, consider restricting access to the kdump server to minimize the risk of exploitation.